Skip to content
/ go-yahp Public

Detect network recon in real time without the use of inline IDS or third-party drivers

License

Apache-2.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

loftwing/go-yahp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
yahp/sensor
yahp/sensor
 
 
.gitignore
.gitignore
 
 
Gopkg.lock
Gopkg.lock
 
 
Gopkg.toml
Gopkg.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sensor_tst.go
sensor_tst.go
 
 

Repository files navigation

go-yahp

This project is a work in progress and should not be used in production.

YAHP is deployed as a lightweight Windows service across endpoints in a large enterprise network. It's goal is to detect network scanning without the use of inline IDS and without installing a third-party driver like WinPcap.

Ports

The service listens on a list of configured ports for the beginning of a TCP three-way handshake. Using the SO_CONDITIONAL_ACCEPT sockopt it will take action before sending a SYN-ACK or RST and instead just closes the socket.

Monitoring

The service sends updates about the state of each configured port and any attempted connections in real-time to a RabbitMQ exchange.

...

About

Detect network recon in real time without the use of inline IDS or third-party drivers

Topics

windows rabbitmq honeypot

Resources

Readme

License

Apache-2.0 license
Activity

Stars

3 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages